Visible to the public Automated Parsing and Interpretation of Identity Leaks

TitleAutomated Parsing and Interpretation of Identity Leaks
Publication TypeConference Paper
Year of Publication2016
AuthorsGraupner, Hendrik, Jaeger, David, Cheng, Feng, Meinel, Christoph
Conference NameProceedings of the ACM International Conference on Computing Frontiers
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4128-8
Keywordsautomated parsing, composability, Data Breach, identity leak, password, pubcrawl, security awareness
Abstract

The relevance of identity data leaks on the Internet is more present than ever. Almost every month we read about leakage of databases with more than a million users in the news. Smaller but not less dangerous leaks happen even multiple times a day. The public availability of such leaked data is a major threat to the victims, but also creates the opportunity to learn not only about security of service providers but also the behavior of users when choosing passwords. Our goal is to analyze this data and generate knowledge that can be used to increase security awareness and security, respectively. This paper presents a novel approach to automatic analysis of a vast majority of bigger and smaller leaks. Our contribution is the concept and a prototype implementation of a parser, composed of a syntactic and a semantic module, and a data analyzer for identity leaks. In this context, we deal with the two major challenges of a huge amount of different formats and the recognition of leaks' unknown data types. Based on the data collected, this paper reveals how easy it is for criminals to collect lots of passwords, which are plain text or only weakly hashed.

URLhttp://doi.acm.org/10.1145/2903150.2903156
DOI10.1145/2903150.2903156
Citation Keygraupner_automated_2016